[GH-ISSUE #231] Cleanup Certificates on close? #228

New issue

Closed

opened 2026-03-03 19:16:25 +03:00 by kerem · 4 comments

kerem commented 2026-03-03 19:16:25 +03:00

Owner

Copy link

Originally created by @psimoneau22 on GitHub (Jul 29, 2019).
Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/231

Originally assigned to: @NghiaTranUIT on GitHub.

Proxyman version? (Ex. Proxyman 1.4.3)

• 1.4.6

macOS Version? (Ex. mac 10.14)

10.13.6 (High Sierra)

Steps to reproduce

Open proxyman. Navigate to any url with browser. Select Enable for All Domains in Proxyman.

Close proxyman. Check Keychain. Proxyman CA issued certificates for every domain accessed still exist

Expected behavior

Keychain certificates should be left in the same state they were before the app was opened, removing all Proxyman issued certs.

I would have expected the app to clean up the system when it is done. Its not a big deal, but I am just wondering if it is possible, and why it works the way it does.

Screenshots (optional)

• none

Originally created by @psimoneau22 on GitHub (Jul 29, 2019). Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/231 Originally assigned to: @NghiaTranUIT on GitHub. ### Proxyman version? (Ex. Proxyman 1.4.3) - 1.4.6 ### macOS Version? (Ex. mac 10.14) 10.13.6 (High Sierra) ### Steps to reproduce Open proxyman. Navigate to any url with browser. Select Enable for All Domains in Proxyman. Close proxyman. Check Keychain. Proxyman CA issued certificates for every domain accessed still exist ### Expected behavior Keychain certificates should be left in the same state they were before the app was opened, removing all Proxyman issued certs. I would have expected the app to clean up the system when it is done. Its not a big deal, but I am just wondering if it is possible, and why it works the way it does. ### Screenshots (optional) - none

kerem 2026-03-03 19:16:25 +03:00

• closed this issue
• added the
  Feature request
  label

kerem commented 2026-03-03 19:16:26 +03:00

Author

Owner

Copy link

@NghiaTranUIT commented on GitHub (Jul 30, 2019):

Hey, that's really valid point. Thank you for pointing it out 👍

I will take it into account in Proxyman 1.5.0. Right now, the re-mapn response from file is on the way.

<!-- gh-comment-id:516235405 --> @NghiaTranUIT commented on GitHub (Jul 30, 2019): Hey, that's really valid point. Thank you for pointing it out 👍 I will take it into account in Proxyman 1.5.0. Right now, the `re-mapn response from file` is on the way.

kerem commented 2026-03-03 19:16:26 +03:00

Author

Owner

Copy link

@NghiaTranUIT commented on GitHub (Nov 7, 2019):

So, I figured out how we solve this issues.

Technically, Proxyman is using SecPKCS12Import from Security framework to read the p12 files , then extracting the pubic and private keys. It's crucial for SSL Handshaking between Proxyman and the client. However, SecPKCS12Import import the cert to the KeyChain by default.

I researched SecItemImport, and the result is same without touching to the KeyChain. I will release the fix in next release 1.9.0 👍

Thank you for pointing it out 😄

Ref:

• https://forums.developer.apple.com/thread/31711
• https://developer.apple.com/documentation/security/1396915-secpkcs12import

<!-- gh-comment-id:550917641 --> @NghiaTranUIT commented on GitHub (Nov 7, 2019): So, I figured out how we solve this issues. Technically, Proxyman is using `SecPKCS12Import` from `Security` framework to read the p12 files , then extracting the pubic and private keys. It's crucial for SSL Handshaking between Proxyman and the client. However, `SecPKCS12Import` import the cert to the KeyChain by default. I researched `SecItemImport`, and the result is same without touching to the KeyChain. I will release the fix in next release 1.9.0 👍 Thank you for pointing it out 😄 Ref: - https://forums.developer.apple.com/thread/31711 - https://developer.apple.com/documentation/security/1396915-secpkcs12import

kerem commented 2026-03-03 19:16:26 +03:00

Author

Owner

Copy link

@psimoneau22 commented on GitHub (Nov 7, 2019):

this is great, thank you!

<!-- gh-comment-id:550958753 --> @psimoneau22 commented on GitHub (Nov 7, 2019): this is great, thank you!

kerem commented 2026-03-03 19:16:26 +03:00

Author

Owner

Copy link

@NghiaTranUIT commented on GitHub (Nov 8, 2019):

All done 🎉

🤯 Changelogs

• Create new private keychain for each app, Proxyman or Setapp
• Store the p12
• Remove when the app quits

Here is the BETA: https://proxyman.s3.us-east-2.amazonaws.com/beta/Proxyman_1.8.0_Keychain_issues.dmg

I will officially release in this weekend or next week at least 👍 😄

<!-- gh-comment-id:551386440 --> @NghiaTranUIT commented on GitHub (Nov 8, 2019): All done 🎉 ## 🤯 Changelogs - [x] Create new private keychain for each app, Proxyman or Setapp - [x] Store the p12 - [x] Remove when the app quits Here is the BETA: https://proxyman.s3.us-east-2.amazonaws.com/beta/Proxyman_1.8.0_Keychain_issues.dmg I will officially release in this weekend or next week at least 👍 😄

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

6.9.0

6.8.0

6.7.0

6.6.0

6.5.0

6.4.0

6.3.0

6.2.0

6.1.0

6.0.2

6.0.0

6.0.1

5.25.0

5.24.0

5.23.0

5.23.1

5.22.0

5.20.0

5.21.0

5.19.0

5.18.0

5.17.0

5.16.0

5.15.0

5.14.0

5.12.2

5.12.1

5.12.0

5.11.0

5.10.0

5.8.0

5.9.0

5.7.0

5.6.1

5.6.0

5.5.0

5.4.0

5.2.0

5.3.0

5.1.1

5.0.0

4.16.0

4.15.0

4.14.0

4.13.0

4.12.0

4.11.0

4.10.0

4.9.1

4.9.0

4.8.2

4.8.1

4.8.0

4.7.1

4.7.0

4.6.1

4.6.0

4.5.0

4.4.0

4.3.1

4.3.0

4.2.1

4.2.0

4.1.0

4.0.0

3.15.0

3.14.0

3.13.0

3.12.0

3.11.0

3.10.0

3.9.0

3.8.0

3.7.0

3.6.2

3.6.1

3.6.0

3.5.2

3.5.1

3.5.0

3.4.0

3.3.0

3.2.0

3.1.0

3.0.0

2.35.4

2.35.3

2.35.2

2.35.1

2.35.0

2.34.1

2.34.0

2.33.0

2.32.1

2.32.0

2.31.0

2.30.0

2.29.0

2.28.0

2.27.0

2.26.0

2.25.0

2.24.0

2.23.0

2.22.0

2.21.1

2.21.0

2.20.0

2.19.0

2.18.0

2.17.0

2.16.1

2.16.0

2.15.2

2.15.1

2.15.0

2.14.2

2.14.1

2.14.0

2.13.0

2.12.0

2.11.1

2.11.0

2.10.0

2.9.1

2.9.0

2.8.0

2.7.0

2.6.0

2.5.3

2.5.2

2.5.1

2.5.0

2.4.2

2.4.1

2.4.0

2.3.0

2.2.0

2.1.1

2.1.0

2.0.1

2.0.0

1.24.0

1.23.0

1.22.0

1.21.0

1.20.0

1.19.0

1.18.1

1.18.0

1.17.1

1.17.0

1.16.0

1.15.0

1.14.1

1.14.0

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.3

1.9.2

1.9.1

1.9.0

1.8.0

1.7.2

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.1

1.5.0

1.4.7

1.4.6

1.4.5.1

1.4.5

1.4.4.1

1.4.4

1.4.3

1.4.2

1.4.1.1

1.4.1

1.4

1.3.9

1.3.8

1.3.7

1.3.6

1.3.5

1.3.4.3

1.3.4.2

1.3.4.1

1.3.4

1.3.3

1.3.2

1.3.1

1.3

1.2

1.1.2

1.1.1

1.1

1.0.3

1.0.2

1.0

0.8.1

0.8

0.7

0.6

0.5.1

0.5

v0.4.1

Labels

Clear labels   

Discussion

  

Feature request

  

In Progress...

  

Plugins

  

Waiting response

  

Windows

  

Windows

  

bug

  

duplicate

  

enhancement

  

feature

  

good first issue

  

iOS

  

macOS 10.11

  

question

  

wontfix

  

✅ Done

No labels

Discussion

Feature request

In Progress...

Plugins

Waiting response

Windows

Windows

bug

duplicate

enhancement

feature

good first issue

iOS

macOS 10.11

question

wontfix

✅ Done

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/Proxyman#228

No description provided.